Transcription

1 Council of the European Union Brussels, 26 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9985/1/15 REV 1 LIMITE DATAPROTECT 103 JAI 465 MI 402 DIGIT 52 DAPIX 100 FREMP 138 COMIX 281 CODEC 888 NOTE From: Incoming Presidency To: Working Group on Information Exchange and Data Protection (DAPIX) No. prev. doc.: 5853/12 Subject: Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) - Preparation for trilogue 1. Introduction On 25 January 2012, the Commission adopted its proposal for a General Data Protection Regulation (5853/12). The new Regulation is intended to replace Directive 95/46/EC. The twofold aim of the Regulation is to enhance data protection rights of individuals and to improve the environment for businesses by facilitating the free flow of personal data in the digital single market and increasing the trust of users. In parallel with the proposal for a General Data Protection Regulation, the Commission adopted a Directive on data processing for law enforcement purposes (5833/12). The new directive is intended to replace the 2008 Data Protection Framework Decision. 9985/1/15 REV 1 VH/np 1 DGD 2C LIMITE EN

2 The European Parliament adopted its first reading positions on the proposals for a data protection Regulation and a data protection Directive on 12 March On 15 th June 2015, the JHA Council agreed on a General Approach (9565/15) on the proposal for a General Data Protection Regulation, following several partial general approaches, thereby giving to the Presidency a negotiating mandate to enter into trilogues with Parliament. 2. Preparation for trilogues Further to the adoption of the General Approach at the JHA Council meeting of 15 th June 2015, a kick-off trilogue meeting was held on 24 th June A roadmap setting out the organisation of works for the trilogue phase was agreed with the objective to conclude the negotiations by the end of Furthermore, the three institutions expressed their commitment to the package approach and agreed that each delegated or implementing act be dealt with in the context of the provision they relate to. The next trilogue is scheduled for 14 th July 2015 and will focus on - Article 3(2) Territorial scope - Article 25 Representatives of controllers not established in the Union - Chapter V Transfers of personal data to third countries or international organisations - Relevant definitions in Article 4, in particular definition (14) on representative In Annex appears the four column table which reflects the Commission proposal the European Parliament's first reading position and the Council's General Approach on the provisions that will be discussed in this trilogue. Provisions relating to codes of conduct (articles 38 and 38a) and certification (articles 39 and 39a) will be discussed in relation to Chapter IV. The General Approach reached on 15 th June 2015 constitutes the basis of the negotiation mandate for the incoming Presidency in the trilogue. With a view to preparing this trilogue, the incoming Presidency invites delegations to discuss the following issues in order of appearance with a view to finding compromises. 9985/1/15 REV 1 VH/np 2 DGD 2C LIMITE EN

3 a) The basic criteria for transferring personal data to a third country or an international organisation is that the latter provides for an adequate level of protection in relation to the data being transferred. Article 41 paragraph 3 of the Council s General Approach empowers the Commission to adopt implementing acts in order to adopt such adequacy decisions with regard to a third country, or a territory or one or more specified sectors within that third country, or an international organisation. The Commission proposal follows the same approach. The European Parliament has provided for a delegated act. Article 41 paragraph 5 of the Council s General Approach empowers the Commission to adopt implementing acts in order to decide that a third country, or a territory or one or more specified sectors within that third country, or an international organisation no longer ensures an adequate level of protection. The Commission proposed that such decisions may be taken when a third country or international organisation does not ensure an adequate level of protection. The European Parliament has provided for a delegated act on decisions when there is no (longer an) adequate level of protection. The incoming Presidency recalls that, in accordance with Article 290 TFEU, delegated acts may only amend non-essential elements of a legislative act. Further, in accordance with Article 291 TFEU, implementing acts are required in order to ensure uniform conditions for the implementation of a legislative act 1. In view of the above, delegations are invited to confirm the Council s General Approach with regard to these provisions. 1 On the distinction between delegated and implementing acts, see in particular Council Legal Service Opinion doc. 8970/11 (paragraphs 14 to 18). 9985/1/15 REV 1 VH/np 3 DGD 2C LIMITE EN

4 b) In Article 41(3a) relating to transfers with an adequacy decision, the Council s General Approach provides for a so-called grandfather clause when it comes to existing adequacy decisions, taken on the basis of Article 25(6) of Directive 95/46/EC. This reflects the Commission proposal. The European Parliament takes a different approach by providing for a sunset clause in Article 41(8). In Article 42(5b) relating to transfers by way of appropriate safeguards, the Council s General Approach provides for a so-called grandfather clause when it comes to existing authorisations by Member States or DPAs taken on the basis of Article 26(2) of Directive 95/46 and to Commission decisions taken on the basis of Article 26(4) of Directive 95/46. This reflects the Commission proposal. The European Parliament takes a different approach by providing for a sunset clause in Article 42(5). With a view to ensuring legal certainty for both controllers and data subjects, delegations are invited to confirm the Council s General Approach with regard to these provisions. c) The European Parliament agreed on some provisions which are not included in the Council s General Approach. The incoming Presidency would therefore welcome comments from delegations on the following issues: - Article 43a (new) concerning data transfers or disclosures not authorized by Union law; - Article 45a (new) concerning regular reporting by the Commission. d) Member States are invited to comment on any other issues pertaining to the articles in annex which they deem important in view to the trilogue on 14 th July /1/15 REV 1 VH/np 4 DGD 2C LIMITE EN

5 ANNEX Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) COM(2012)0011 / 2012/0011 (COD) Below delegations find the explanations of the formatting used in the four column table. 1) EP s column : the new text is marked in bold italics, the deleted parts of the text are marked in strikethrough, the identical with the Commission is marked with a diagonal line in the box COM (2012)0011 These developments require building a strong and more coherent data protection framework in the Union, backed by strong enforcement, given the importance to create the trust that. EP Position / First Reading (6) These developments require building a strong and more coherent data protection framework in the Union, backed by strong enforcement, given the importance to create the trust that... Council General Approach (15/06/2015) (6) These developments require building a strong and more coherent data protection framework in the Union, backed by strong enforcement, given the importance to of create creating the trust that... Comments / compromise suggestions 2) Council s column: the new text is marked in bold italics, the deleted parts of the text are marked in strikethrough, the parts of the text that have been moved up or down are marked in bold. 9985/1/15 REV 1 VH/np 5

6 3) 4 th column: the diagonal line in the box indicates that the text is identical for all three institutions. COM (2012)0011 EP Position / First Reading Council General Approach (15/06/2015) Comments / compromise suggestions The protection of natural persons in relation to the processing of personal data is (1) The protection of natural persons in relation to the processing of personal data is (1) The protection of natural persons in relation to the processing of personal data is COM (2012)0011 EP Position / First Reading Council General Approach (15/06/2015) Comments / compromise suggestions Proposal for a Proposal for a Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16(2) and Article 114(1) thereof, Having regard to the proposal from the European Commission,... REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16(2) and Article 114(1) thereof, Having regard to the proposal from the European Commission, REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16(2) and Article 114(1) thereof, Having regard to the proposal from the European Commission, 9985/1/15 REV 1 VH/np 6

7 (19) Any processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union should be carried out in accordance with this Regulation, regardless of whether the processing itself takes place within the Union or not. Establishment implies the effective and real exercise of activity through stable arrangements. The legal form of such arrangements, whether through a branch or a subsidiary with a legal personality, is not the determining factor in this respect. (19) Any processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union should be carried out in accordance with this Regulation, regardless of whether the processing itself takes place within the Union or not. Establishment implies the effective and real exercise of activity through stable arrangements. The legal form of such arrangements, whether through a branch or a subsidiary with a legal personality, is not the determining factor in this respect. (19) Any processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union should be carried out in accordance with this Regulation, regardless of whether the processing itself takes place within the Union or not. Establishment implies the effective and real exercise of activity through stable arrangements. The legal form of such arrangements, whether through a branch or a subsidiary with a legal personality, is not the determining factor in this respect. 9985/1/15 REV 1 VH/np 7

8 Amendment 4 (20) In order to ensure that individuals are not deprived of the protection to which they are entitled under this Regulation, the processing of personal data of data subjects residing in the Union by a controller not established in the Union should be subject to this Regulation where the processing activities are related to the offering of goods or services to such data subjects, or to the monitoring of the behaviour of such data subjects. (20) In order to ensure that individuals are not deprived of the protection to which they are entitled under this Regulation, the processing of personal data of data subjects residing in the Union by a controller not established in the Union should be subject to this Regulation where the processing activities are related to the offering of goods or services, irrespective of whether connected to a payment or not, to such data subjects, or to the monitoring of the behaviour of such data subjects. In order to determine whether such a controller is offering goods or services to such data subjects in the Union, it should be ascertained whether it is apparent that the controller is envisaging the offering of services to data subjects in one or more Member States in the Union. (20) In order to ensure that individuals are not deprived of the protection to which they are entitled under this Regulation, the processing of personal data of data subjects residing in the Union by a controller not established in the Union should be subject to this Regulation where the processing activities are related to the offering of goods or services to such data subjects, or to the monitoring of the behaviour of such data subjects irrespective of whether connected to a payment or not, which takes place in the Union. In order to determine whether such a controller is offering goods or services to such data subjects in the Union, it should be ascertained whether it is apparent that the controller is envisaging doing business with data subjects 9985/1/15 REV 1 VH/np 8

9 residing in one or more Member States in the Union. Whereas the mere accessibility of the controller s or an intermediary s website in the Union or of an address and of other contact details or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, and/or the mentioning of customers or users residing in the Union, may make it apparent that the controller envisages offering goods or services to such data subjects in the Union. 9985/1/15 REV 1 VH/np 9

10 Amendment 5 (21) In order to determine whether a processing activity can be considered to monitor the behaviour of data subjects, it should be ascertained whether individuals are tracked on the internet with data processing techniques which consist of applying a profile to an individual, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes. (21) In order to determine whether a processing activity can be considered to monitor the behaviour of data subjects, it should be ascertained whether individuals are tracked on the internet with, regardless of the origins of the data, or if other data about them are collected, including from public registers and announcements in the Union that are accessible from outside of the Union, including with the intention to use, or potential of subsequent use of data processing techniques which consist of applying a profile to an individual, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes. (21) The processing of personal data of data subjects residing in the Union by a controller not established in the Union should also be subject to this Regulation when it is related to the monitoring of their behaviour taking place within the European Union. In order to determine whether a processing activity can be considered to monitor the behaviour of data subjects, it should be ascertained whether individuals are tracked on the internet with data processing techniques which consist of applying a profile to profiling an individual, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes. 9985/1/15 REV 1 VH/np 10

11 (22) Where the national law of a Member State applies by virtue of public international law, this Regulation should also apply to a controller not established in the Union, such as in a Member State's diplomatic mission or consular post. (78) Cross-border flows of personal data are necessary for the expansion of international trade and international co-operation. The increase in these flows has raised new challenges and concerns with respect to the protection of personal data. However, when personal data are transferred from the Union to third countries or to international organisations, the level of protection of individuals guaranteed in the Union by this Regulation should not be undermined. In any event, transfers to third countries may only be carried out in full compliance with this Regulation. (22) Where the national law of a Member State applies by virtue of public international law, this Regulation should also apply to a controller not established in the Union, such as in a Member State's diplomatic mission or consular post. (78) Cross-border flows of personal data are necessary for the expansion of international trade and international co-operation. The increase in these flows has raised new challenges and concerns with respect to the protection of personal data. However, when personal data are transferred from the Union to third countries or to international organisations, the level of protection of individuals guaranteed in the Union by this Regulation should not be undermined. In any event, transfers to third countries may only be carried out in full compliance with this Regulation. (22) Where the national law of a Member State applies by virtue of public international law, this Regulation should also apply to a controller not established in the Union, such as in a Member State's diplomatic mission or consular post. (78) Cross-border flows of personal data to and from countries outside the Union and international organisations are necessary for the expansion of international trade and international co-operation. The increase in these flows has raised new challenges and concerns with respect to the protection of personal data. However, when personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organisations, the level of protection of individuals guaranteed in the Union by this Regulation should not be 9985/1/15 REV 1 VH/np 11

12 undermined, including in cases of onward transfers of personal data from the third country or international organisation to controllers, processors in the same or another third country or international organisation. In any event, transfers to third countries and international organisations may only be carried out in full compliance with this Regulation. A transfer may only take place if, subject to the other provisions of this Regulation, the conditions laid down in Chapter V are complied with by the controller or processor. 9985/1/15 REV 1 VH/np 12

13 Amendment 53 (79) This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. (79) This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects ensuring an adequate level of protection for the fundamental rights of citizens (79) This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. Member States may conclude international agreements which involve the transfer of personal data to third countries or international organisations, as far as such agreements do not affect this Regulation or any other provisions of EU law and include safeguards to protect the rights of the data subjects. 9985/1/15 REV 1 VH/np 13

14 Amendment 54 (80) The Commission may decide with effect for the entire Union that certain third countries, or a territory or a processing sector within a third country, or an international organisation, offer an adequate level of data protection, thus providing legal certainty and uniformity throughout the Union as regards the third countries or international organisations which are considered to provide such level of protection. In these cases, transfers of personal data to these countries may take place without needing to obtain any further authorisation. (80) The Commission may decide with effect for the entire Union that certain third countries, or a territory or a processing sector within a third country, or an international organisation, offer an adequate level of data protection, thus providing legal certainty and uniformity throughout the Union as regards the third countries or international organisations which are considered to provide such level of protection. In these cases, transfers of personal data to these countries may take place without needing to obtain any further authorisation. The Commission may also decide, having given notice and a complete justification to the third country, to revoke such a decision. (80) The Commission may decide with effect for the entire Union that certain third countries, or a territory or a processing specified sector, such as the private sector or one or more specific economic sectors within a third country, or an international organisation, offer an adequate level of data protection, thus providing legal certainty and uniformity throughout the Union as regards the third countries or international organisations, which are considered to provide such level of protection. In these cases, transfers of personal data to these countries may take place without needing to obtain any further authorisation. 9985/1/15 REV 1 VH/np 14

15 (81) In line with the fundamental values on which the Union is founded, in particular the protection of human rights, the Commission should, in its assessment of the third country, take into account how a given third country respects the rule of law, access to justice as well as international human rights norms and standards. (81) In line with the fundamental values on which the Union is founded, in particular the protection of human rights, the Commission should, in its assessment of the third country, take into account how a given third country respects the rule of law, access to justice as well as international human rights norms and standards. (81) In line with the fundamental values on which the Union is founded, in particular the protection of human rights, the Commission should, in its assessment of the a third country or of a territory or of a specified sector within a third country, take into account how a given third country respects the rule of law, access to justice as well as international human rights norms and standards and its general and sectoral law, including legislation concerning public security, defence and national security as well as public order and criminal law. The adoption of an adequacy decision to a territory or a specified sector in a third country should take into account clear and objective criteria, such as specific processing activities and the scope of applicable legal standards and legislation in force in the third 9985/1/15 REV 1 VH/np 15

16 country. The third country should offer guarantees that ensure an adequate level of protection in particular when data are processed in one or several specific sectors. In particular, the third country should ensure effective data protection supervision and should provide for cooperation mechanisms with the European data protection authorities, and the data subjects should be provided with effective and enforceable rights and effective administrative and judicial redress. (81a) Apart from the international commitments the third country or international organisation has entered into, the Commission should also take account of obligations arising from the third country s or international organisation s participation in multilateral or regional systems in particular in relation to the protection of personal data, as well as the implementation of such obligations. In particular the third country s accession to the Council of Europe Convention of 28 January 1981 for the Protection of 9985/1/15 REV 1 VH/np 16

17 Individuals with regard to the Automatic Processing of Personal Data and its Additional Protocol should be taken into account. The Commission should consult with the European Data Protection Board when assessing the level of protection in third countries or international organisations. (81b) The Commission should monitor the functioning of decisions on the level of protection in a third country or a territory or specified sector within a third country, or an international organisation, including decisions adopted on the basis of Article 25(6) or Article 26 (4) of Directive 95/46/EC. The Commission should evaluate, within a reasonable time, the functioning of the latter decisions and report any pertinent findings to the Committee within the meaning of Regulation (EU) No 182/2011 as established under this Regulation. 9985/1/15 REV 1 VH/np 17

18 Amendment 55 (82) The Commission may equally recognise that a third country, or a territory or a processing sector within a third country, or an international organisation offers no adequate level of data protection. Consequently the transfer of personal data to that third country should be prohibited. In that case, provision should be made for consultations between the Commission and such third countries or international organisations. (82) The Commission may equally recognise that a third country, or a territory or a processing sector within a third country, or an international organisation offers no adequate level of data protection. Any legislation which provides for extra-territorial access to personal data processed in the Union without authorisation under Union or Member State law should be considered as an indication of a lack of adequacy. Consequently the transfer of personal data to that third country should be prohibited. In that case, provision should be made for consultations between the Commission and such third countries or international organisations. (82) The Commission may equally recognise that a third country, or a territory or a processing specified sector within a third country, or an international organisation offers no longer ensures an adequate level of data protection. Consequently the transfer of personal data to that third country or international organisation should be prohibited, unless the requirements of Articles 42 to 44 are fulfilled. In that case, provision should be made for consultations between the Commission and such third countries or international organisations. The Commission should, in a timely manner, inform the third country or international organisation of the reasons and enter into consultations with it in order to remedy the situation. 9985/1/15 REV 1 VH/np 18

19 Amendment 56 (83) In the absence of an adequacy decision, the controller or processor should take measures to compensate for the lack of data protection in a third country by way of appropriate safeguards for the data subject. Such appropriate safeguards may consist of making use of binding corporate rules, standard data protection clauses adopted by the Commission, standard data protection clauses adopted by a supervisory authority or contractual clauses authorised by a supervisory authority, or other suitable and proportionate measures justified in the light of all the circumstances surrounding a data transfer operation or set of data transfer operations and where authorised by a supervisory authority. (83) In the absence of an adequacy decision, the controller or processor should take measures to compensate for the lack of data protection in a third country by way of appropriate safeguards for the data subject. Such appropriate safeguards may consist of making use of binding corporate rules, standard data protection clauses adopted by the Commission, standard data protection clauses adopted by a supervisory authority or contractual clauses authorised by a supervisory authority, or other suitable and proportionate measures justified in the light of all the circumstances surrounding a data transfer operation or set of data transfer operations and where authorised by a supervisory authority. Those appropriate safeguards should uphold a respect of the data subject s rights adequate to intra-eu processing, in particular relating to purpose limitation, right to access, rectification, erasure and (83) In the absence of an adequacy decision, the controller or processor should take measures to compensate for the lack of data protection in a third country by way of appropriate safeguards for the data subject. Such appropriate safeguards may consist of making use of binding corporate rules, standard data protection clauses adopted by the Commission, standard data protection clauses adopted by a supervisory authority or ad hoc contractual clauses authorised by a supervisory authority, or other suitable and proportionate measures justified in the light of all the circumstances surrounding a data transfer operation or set of data transfer operations and where authorised by a supervisory authority. Those safeguards should ensure compliance with data protection requirements and the rights of the data subjects, including the right to obtain effective administrative or 9985/1/15 REV 1 VH/np 19

20 to claim compensation. Those safeguards should in particular guarantee the observance of the principles of personal data processing, safeguard the data subject s rights and provide for effective redress mechanisms, ensure the observance of the principles of data protection by design and by default, guarantee the existence of a data protection officer. judicial redress. They should relate in particular to compliance with the general principles relating to personal data processing, the availability of enforceable data subject's rights and of effective legal remedies and the principles of data protection by design and by default. Transfers may be carried out also by public authorities or bodies with public authorities or bodies in third countries or with international organisations with corresponding duties or functions, including on the basis of provisions to be inserted into administrative arrangements, such as a memorandum of understanding. The authorisation of the competent supervisory authority should be obtained when the safeguards are adduced in non legally binding administrative arrangements. 9985/1/15 REV 1 VH/np 20

Analysis The Proposed Data Protection Regulation: What has the Council agreed so far? Steve Peers, Professor of Law, University of Essex Twitter: @StevePeers 8 December 2014 Introduction Back in January

Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

Comparison of the Parliament and Council text on the General Data Protection Regulation General comments The Council text and the Parliament text are both based on the Commission's proposal and as such

Conseil UE Council of the European Union Brussels, 28 July 2015 (OR. en) PUBLIC 11243/15 LIMITE DRS 50 CODEC 1084 NOTE From: To: Subject: General Secretariat of the Council Delegations Proposal for a DIRECTIVE

EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 17.12.2012 2012/0011(COD) ***I DRAFT REPORT on the proposal for a regulation of the European Parliament and of the Council

EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

EUROPEAN COMMISSION Brussels, XXX [ ](2013) XXX draft COMMISSION REGULATION (EU) No /.. of XXX on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC on privacy

17.2.2005 C 40/9 EUROPEAN CTRAL BANK OPINION OF THE EUROPEAN CTRAL BANK of 4 February 2005 at the request of the Council of the European Union on a proposal for a directive of the European Parliament and

Proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data

101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

COUNCIL OF THE EUROPEAN UNION Brussels, 11 February 2010 6092/10 Interinstitutional File: 2008/0140 (CNS) SOC 75 JAI 108 MI 39 NOTE from : The Presidency to : The Working Party on Social Questions on :

EUROPEAN COMMISSION Brussels, XXX COM(2012) 11/3 draft Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal

EUROPEAN COMMISSION Brussels, 25.1.2012 COM(2012) 11 final 2012/0011 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing

11. 6. 98 EN Official Journal of the European Communities L 166/45 DIRECTIVE 98/26/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 May 1998 on settlement finality in payment and securities settlement

EUROPEAN COMMISSION Brussels, 6.11.2015 COM(2015) 566 final COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the Transfer of Personal Data from the EU to the United States

EUROPEAN COMMISSION Brussels, 9.12.2015 COM(2015) 627 final 2015/0284 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on ensuring the cross-border portability of online content

COUNCIL OF THE EUROPEAN UNION Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3 COVER NOTE from: Secretary-General of the European Commission, signed by Mr Jordi AYET PUIGARNAU, Director date of

Comments and proposals on the Chapter III of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon, Bits of Freedom, FIPR and Privacy International

ARTICLE 29 DATA PROTECTION WORKING PARTY 00658/13/EN WP 204 Explanatory Document on the Processor Binding Corporate Rules Adopted on 19 April 2013 This Working Party was set up under Article 29 of Directive

Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts The purpose of this document is to highlight the changes in the options available to Member States and Competent Authorities

The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions

Unofficial consolidated version of the Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the

EUROPEAN COMMISSION Proposal for a Brussels, 24.3.2010 COM(2010) 105 final 2010/0067 (CNS) C7-0315/10 COUNCIL REGULATION (EU) implementing enhanced cooperation in the area of the law applicable to divorce

COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 29.04.1999 COM(1999) 195 fmal 98/0191(COD) Amended proposal for a EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE on a common framework for electronic signatures

D1391E-2012 29.10.2012 EUROPEAN BANKING FEDERATION PROPOSED AMENDMENTS TO THE EUROPEAN COMMISSION PROPOSAL FOR A REGULATION ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA

CALL FOR EVIDENCE ON THE GOVERNMENT S REVIEW OF THE BALANCE OF COMPETENCES BETWEEN THE UNITED KINGDOM AND THE EUROPEAN UNION Police and Criminal Justice LEGAL ANNEX Section 1: Development of the EU s competence

PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

Council of the European Union Brussels, 14 November 2014 (OR. en) 15206/14 FREMP 198 JAI 846 COHOM 152 POLG 156 NOTE From: To: Subject: Presidency Council Ensuring respect for the rule of law in the European

L 122/28 Official Journal of the European Union 16.5.2009 DIRECTIVE 2009/38/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 6 May 2009 on the establishment of a European Works Council or a procedure

COUNCIL OF THE EUROPEAN UNION Brussels, 15 April 2010 8173/10 Interinstitutional File: 2008/0140 (CNS) SOC 240 JAI 270 MI 94 NOTE from : The Presidency to : The Working Party on Social Questions No. prev.

Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their

PRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY Introduction The continuous globalization of the world economy influences the international transfer of personal data. The transfer of personal

CEIOPS-DOC-07/08 General Protocol relating to the collaboration of the insurance supervisory authorities of the Member States of the European Union March 2008 CEIOPS e.v. - Westhafenplatz 1 60327 Frankfurt

COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 10.3.2006 COM(2006) 110 final 2003/0218 (CNS) Modified proposal for a COUNCIL REGULATION amending Regulation (EC) 1030/2002 laying down a uniform format

EUROPEAN COMMISSION Brussels, 9.1.2014 COM(2013) 937 final 2013/0449 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulation (EU) N 260/2012 as regards the migration

European Council Brussels, 2 February 2016 (OR. en) EUCO 4/16 NOTE To: Subject: Delegations Draft Decision of the Heads of State or Government, meeting within the European Council, concerning a New Settlement

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

Conseil UE COUNCIL OF THE EUROPEAN UNION Brussels, 25 February 2004 PUBLIC Interinstitutional File: 2002/0242 (CNS) DOCUMT PARTIALLY ACCESSIBLE TO THE PUBLIC 6681/04 LIMITE MIGR 10 OUTCOME OF PROCEEDINGS

To ensure the functioning of the site, we use cookies. We share information about your activities on the site with our partners and Google partners: social networks and companies engaged in advertising and web analytics. For more information, see the Privacy Policy and Google Privacy &amp Terms.
Your consent to our cookies if you continue to use this website.